Blocking tens of thousands of IP's
Francis Daly
francis at daoine.org
Thu Nov 3 19:00:35 UTC 2016
On Tue, Nov 01, 2016 at 03:15:45PM +0000, Cox, Eric S wrote:
Hi there,
> Is anyone aware of a difference performance wise between using
>
> return 403;
>
> vs
>
> deny all;
>
> When mapping against a list of tens of thousands of ip?
I think the answer is "no".
I would expect that "return 403" would be quicker, since the rewrite
phase happens before the access phase. But I also suspect that the
"checking the list of tens of thousands" that would have to happen first,
would swamp any difference.
I think that the general rule is that if you do not measure a difference,
there is not an important difference to you.
And yes, use "geo" rather than "map" or any other list.
(Or: build one of each in your lab and measure.)
Cheers,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list